
Hi! I had a nasty infection, including the fake Adobe update popup and constant browser redirection. Ran MBAM, Avira, Avast! (including boot scan), SpySweeper, all of which now say my computer is clean -- but if I do a browser search (Firefox, Chrome), I still get redirected to different sites. So SOMETHING'S still not right! Any help would be appreciated.

Happy New Year!

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by Scott Bellows at 17:00:37 on 2011-12-31

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.963 [GMT -8:00]

.

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dldoserv.exe

C:\WINDOWS\system32\dldocoms.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\FolderSize\FolderSizeSvc.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\Macrium\Reflect\ReflectService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\WINDOWS\system32\vmnat.exe

C:\Documents and Settings\Scott Bellows\Local Settings\Application Data\Zimbra\zdesktop\zdesktop.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\VMware\VMware Player\vmware-authd.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Program Files\VMware\VMware Player\hqtray.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\Synaptics\SynTP\Toshiba.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files\Dell 968 AIO Printer\memcard.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Dell 968 AIO Printer\dldomon.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\DNA\btdna.exe

C:\Documents and Settings\Scott Bellows\Local Settings\Application Data\Google\Update\1.3.21.79\GoogleCrashHandler.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\freecell.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/advanced_search?hl=en

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [Google Update] "c:\documents and settings\scott bellows\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto

mRun: [VMware hqtray] "c:\program files\vmware\vmware player\hqtray.exe"

mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe

mRun: [TPSMain] TPSMain.exe

mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe

mRun: [TFncKy] TFncKy.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [smoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

mRun: [MemoryCardManager] "c:\program files\dell 968 aio printer\memcard.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [dldomon.exe] "c:\program files\dell 968 aio printer\dldomon.exe"

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [Dell 968 AIO Printer Fax Server] "c:\program files\dell 968 aio printer\fm3032.exe" /s

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"

mRun: [Alcmtr] ALCMTR.EXE

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\Corel Photo Downloader.exe

StartupFolder: c:\docume~1\scottb~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\scottb~1\startm~1\programs\startup\seesmi~1.lnk - c:\program files\seesmic desktop\Seesmic Desktop.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\ms office\office\FASTBOOT.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\ms office\office\FASTBOOT.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe

IE: Add to Evernote - c:\program files\evernote\evernote3\enbar.dll/2000

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEE1} - c:\program files\evernote\evernote3\enbar.dll

LSP: c:\program files\vmware\vmware player\vsocklib.dll

Trusted Zone: intuit.com\ttlc

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243487986373

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://linksyssupport.webex.com/client/T26L10NSP49EP32-linksyssupport/support/ieatgpc.cab

TCP: DhcpNameServer = 68.87.69.150 68.87.85.102

TCP: Interfaces\{44D38D39-062F-4B3C-A6D1-30D3BE0D696B} : DhcpNameServer = 68.87.69.150 68.87.85.102

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll

Hosts: 94.63.240.147 www.google.com

Hosts: 94.63.240.148 www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\scott bellows\application data\mozilla\firefox\profiles\m20ht13i.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en

FF - component: c:\documents and settings\scott bellows\application data\mozilla\firefox\profiles\m20ht13i.default\extensions\{394dcba4-1f92-4f8e-8ec9-8d2cb90cb69b}\components\ScreenshotXPCOM.dll

FF - component: c:\documents and settings\scott bellows\application data\mozilla\firefox\profiles\m20ht13i.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar3.dll

FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll

FF - plugin: c:\documents and settings\scott bellows\application data\mozilla\firefox\profiles\m20ht13i.default\extensions\{394dcba4-1f92-4f8e-8ec9-8d2cb90cb69b}\plugins\npLightshot.dll

FF - plugin: c:\documents and settings\scott bellows\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2011-10-31 16024]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-29 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-29 314456]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-28 36000]

R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\winxp virtual cd drive\VCdRom.sys [2001-12-19 8576]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-12-28 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-12-28 110032]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-29 20568]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-29 44768]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-12-28 74640]

R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]

R2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldoserv.exe [2010-9-8 99568]

R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2011-10-31 220824]

R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-8-14 54960]

R2 Zimbra Desktop Service;Zimbra Desktop Service;c:\documents and settings\scott bellows\local settings\application data\zimbra\zdesktop\zdesktop.exe [2010-4-23 139264]

R3 hpnuhst;HP NUSB Host;c:\windows\system32\drivers\hpnuhst.sys [2009-5-28 12032]

R3 HPNUHUB;HP NUSB Hub;c:\windows\system32\drivers\hpnuhub.sys [2009-5-28 39552]

S2 gupdate1c9e0af5194ce18;Google Update Service (gupdate1c9e0af5194ce18);c:\program files\google\update\GoogleUpdate.exe [2009-5-29 133104]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-29 133104]

S3 HPWPAUSB;Wireless Printer Adapter;c:\windows\system32\drivers\HPWPAUSB.sys [2009-5-28 18560]

S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\ICDUSB2.sys [2002-11-28 39048]

S3 MUD;Driver for Magellan USB Device;c:\windows\system32\drivers\MUD.sys [2009-7-25 51200]

S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2011-10-31 45208]

S3 PSVolAcc;PSVolAcc;c:\windows\system32\drivers\PSVolAcc.sys [2011-10-31 12952]

S3 SCPMPR5;SCPMPR5 NDIS Protocol Driver;\??\d:\scpmpr5.sys --> d:\SCPMPR5.SYS [?]

S3 SCPNDIS5;SCPNDIS5 NDIS Protocol Driver;\??\d:\scpndis5.sys --> d:\SCPNDIS5.SYS [?]

.

=============== Created Last 30 ================

.

2011-12-30 23:42:42 98816 ----a-w- c:\windows\sed.exe

2011-12-30 23:42:42 518144 ----a-w- c:\windows\SWREG.exe

2011-12-30 23:42:42 256000 ----a-w- c:\windows\PEV.exe

2011-12-30 23:42:42 208896 ----a-w- c:\windows\MBR.exe

2011-12-30 23:42:18 -------- d-s---w- C:\ComboFix

2011-12-30 17:37:55 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-30 17:34:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-30 04:34:39 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-12-30 04:33:59 41184 ----a-w- c:\windows\avastSS.scr

2011-12-30 04:33:41 -------- d-----w- c:\program files\AVAST Software

2011-12-30 04:33:41 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2011-12-30 01:44:07 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-12-30 01:44:07 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-12-28 17:11:19 -------- d-----w- c:\documents and settings\scott bellows\application data\Avira

2011-12-28 17:10:30 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-12-28 17:10:30 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2011-12-28 17:10:23 -------- d-----w- c:\program files\Avira

2011-12-28 17:10:23 -------- d-----w- c:\documents and settings\all users\application data\Avira

2011-12-13 00:43:40 -------- d-----w- C:\Family Pictures

2011-12-13 00:39:52 -------- d-----w- C:\Oo docs recovered after virus

.

==================== Find3M ====================

.

2011-10-31 09:32:40 12952 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys

2011-10-31 09:32:14 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys

2011-10-31 09:32:01 45208 ----a-w- c:\windows\system32\drivers\psmounter.sys

2011-10-10 20:53:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 17:02:30.42 ===============

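The DDS log above ends with two `Hosts:` entries that pin www.google.com and www.bing.com to 94.63.240.x addresses. A HOSTS-file hijack is plain text, not an executable, so file scanners can report a machine clean while every search still lands at the attacker's address; that is exactly the symptom described at the top of the thread. The Python below is an added example, not code from this thread or from any of the tools mentioned in it: it parses a HOSTS file the way Windows does (tabs or spaces, trailing comments, several names per line), flags mappings that send a watched domain to a non-loopback IP, and rebuilds the file without them. The sample file content is constructed to match the two entries in the log; the watched-domain list is this example's own choice and can be extended.

```python
"""Audit a Windows HOSTS file for search-engine redirection entries.

Added example, not part of the original forum thread.  The sample HOSTS
content below is constructed to mirror the two entries the DDS and
RogueKiller logs reported; nothing else is assumed about those addresses.
"""
import ipaddress
import re

# Domains that should never be pinned in HOSTS on a normal workstation.
# Short list chosen for this example (assumption); extend as needed.
WATCHED_SUFFIXES = ("google.com", "bing.com", "yahoo.com",
                    "microsoft.com", "windowsupdate.com")

# Constructed sample mirroring the thread's logs (not the user's real file).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
127.0.0.1       localhost
94.63.240.147 www.google.com
94.63.240.148\twww.bing.com
"""


def parse_hosts(text):
    """Return (ip_address, hostname, line_no) for every mapping in the file."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()       # drop trailing comments
        if not line:
            continue
        parts = re.split(r"\s+", line)            # tabs and spaces both occur
        ip, names = parts[0], parts[1:]
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue                              # malformed line: skip, don't crash
        for name in names:
            entries.append((addr, name.lower(), line_no))
    return entries


def is_benign_target(addr):
    """Loopback and 0.0.0.0 pins are normal (localhost, ad-blocking lists)."""
    return addr.is_loopback or addr.is_unspecified


def find_hijacks(text):
    """Return suspicious entries as (line_no, ip, hostname, reason)."""
    findings = []
    for addr, name, line_no in parse_hosts(text):
        if is_benign_target(addr):
            continue
        watched = any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)
        reason = ("watched domain pinned to external IP" if watched
                  else "non-loopback pin")
        findings.append((line_no, str(addr), name, reason))
    return findings


def clean_hosts(text):
    """Rebuild the file, keeping comments, blank lines and loopback pins only.

    On the sample this yields the stock Windows XP HOSTS file content.
    """
    kept = []
    for raw in text.splitlines():
        stripped = raw.split("#", 1)[0].strip()
        if not stripped:
            kept.append(raw)                      # comment or blank line
            continue
        try:
            addr = ipaddress.ip_address(re.split(r"\s+", stripped)[0])
        except ValueError:
            continue
        if is_benign_target(addr):
            kept.append(raw)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for line_no, ip, name, why in find_hijacks(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip} ({why})")
    print("--- cleaned ---")
    print(clean_hosts(SAMPLE_HOSTS), end="")
```

On Windows XP the live file is `%SystemRoot%\system32\drivers\etc\hosts`. Hijacked copies are often set read-only or hidden, so clear the attributes before overwriting, run `ipconfig /flushdns` afterwards, and re-test a search in the browser; if the redirect survives a clean HOSTS file, the cause is somewhere else (DNS settings, a browser extension, or a driver-level filter).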

Welcome to the forum.

Please download Farbar Service Scanner and run it on the computer with the issue.


  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore

  • Press "Scan".

  • It will create a log (FSS.txt) in the same directory the tool is run from.

  • Please copy and paste the log to your reply.

Please download and run RogueKiller.

Choose 1 to scan the system

Post back the report.

MrC


Thanks for helping me out! (FYI, I disabled System Restore and deleted all but the last restore point after reading that this malware might be hiding there.)

Farbar log:

Farbar Service Scanner

Ran by Scott Bellows (administrator) on 03-01-2012 at 11:27:08

Microsoft Windows XP Professional Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

System Restore:

============

Srservice Service is not running. Checking service configuration:

The start type of Srservice service is OK.

The ImagePath of Srservice service is OK.

The ServiceDll of Srservice service is OK.

sr Service is not running. Checking service configuration:

The start type of sr service is set to Disabled. The default start type is Boot.

The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".

System Restore Disabled Policy:

========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR"=DWORD:1

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:

=======

AegisP(9) aswTdi(10) Gpc(6) IPSec(4) NetBT(5) PSched(7) s24trans(8) Tcpip(3) VMnetBridge(14)

0x0E000000040000000100000002000000030000000A00000005000000060000000700000008000000090000000B0000000C0000000D0000000E000000

IpSec Tag value is correct.

**** End of log ****

Rogue Killer log:

RogueKiller V6.2.2 [12/31/2011] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Scott Bellows [Admin rights]

Mode: Scan -- Date : 01/03/2012 11:30:38

¤¤¤ Bad processes: 1 ¤¤¤

[sUSP PATH] zdesktop.exe -- C:\Documents and Settings\Scott Bellows\Local Settings\Application Data\Zimbra\zdesktop\zdesktop.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 6 ¤¤¤

[] HKLM\[...]\Windows : () -> ACCESS DENIED

[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND

[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND

[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[] HKLM\[...]\Windows : () -> ACCESS DENIED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

94.63.240.147 www.google.com

94.63.240.148 www.bing.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] a273895f8b6748dc2ca3caeec6ba521a

[bSP] d0fdb92da277b9abd0785bdf7341d3d4 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 79760 Mo

1 - [XXXXXX] UNKNW [HIDDEN!] Offset (sectors): 155782305 | Size: 263 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Thanks again!

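RogueKiller's MBR check in the post above lists a second partition-table entry of unknown type, marked hidden, at sector 155782305 (263 MB) right after the 79760 MB NTFS volume. An entry like that deserves a direct look rather than a guess: the partition table is 64 bytes of fixed structure in the first sector, and reading it yourself shows what a tool's "UNKNW [HIDDEN!]" label is summarising. The Python below is an added example, not RogueKiller's code or anything from the thread: it parses the four 16-byte entries, converts sector counts to sizes, flags type IDs outside a small allow-list and checks that no entry overlaps its neighbour. The 512-byte sector is constructed to reproduce the log's layout; the second entry's type byte (0xCC) is a placeholder because the log does not show the real value, the sizes are derived from the log's figures taken as 10^6 bytes per "Mo", and the boot-code area is zero filler rather than the real MBR.

```python
"""Parse an MBR partition table and flag hidden or unknown partitions.

Added example, not code from the forum thread or from RogueKiller.  The
sample sector is constructed to match the layout the RogueKiller log
printed; see the comments for which values are placeholders.
"""
import struct

SECTOR = 512
PT_OFFSET = 446           # the four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR
ENTRY_FMT = "<B3sB3sII"   # boot flag, CHS start, type, CHS end, LBA start, sectors

# Partition type IDs normally expected on a Windows XP laptop disk.
# Small allow-list chosen for this example (assumption); anything else is reported.
KNOWN_TYPES = {
    0x07: "NTFS/HPFS/exFAT",
    0x0B: "FAT32 (CHS)",
    0x0C: "FAT32 (LBA)",
    0x0F: "Extended (LBA)",
    0x27: "Hidden NTFS / OEM recovery",
}


def build_entry(boot_flag, ptype, lba_start, sectors):
    """Pack one partition-table entry; CHS fields are left zero (LBA is authoritative)."""
    return struct.pack(ENTRY_FMT, boot_flag, b"\0\0\0", ptype, b"\0\0\0",
                       lba_start, sectors)


def make_sample_mbr():
    """Constructed sector mirroring the thread's RogueKiller output.

    Sector counts come from the log's sizes at 10**6 bytes per "Mo"
    (79760 Mo -> 155,781,250 sectors; 263 Mo -> 513,672 sectors, rounded).
    Type 0xCC for the second entry is a placeholder; the log does not show it.
    """
    table = (build_entry(0x80, 0x07, 63, 155_781_250)
             + build_entry(0x00, 0xCC, 155_782_305, 513_672)
             + bytes(32))                      # two empty slots
    return bytes(PT_OFFSET) + table + SIGNATURE


def read_mbr(device=r"\\.\PhysicalDrive0"):
    """Read the first sector of a physical disk (Windows path; needs admin)."""
    with open(device, "rb") as f:
        return f.read(SECTOR)


def parse_partition_table(sector):
    """Return a list of dicts, one per non-empty partition entry."""
    if len(sector) != SECTOR or sector[-2:] != SIGNATURE:
        raise ValueError("not a valid MBR sector (bad length or 55AA signature)")
    entries = []
    for index in range(4):
        off = PT_OFFSET + 16 * index
        boot_flag, _, ptype, _, start, count = struct.unpack(
            ENTRY_FMT, sector[off:off + 16])
        if ptype == 0 and count == 0:
            continue                               # empty slot
        entries.append({
            "index": index,
            "active": boot_flag == 0x80,
            "type": ptype,
            "type_name": KNOWN_TYPES.get(ptype, "UNKNOWN"),
            "lba_start": start,
            "sectors": count,
            "size_mb": count * SECTOR // 10**6,    # same "Mo" unit as the log
        })
    return entries


def audit(entries):
    """Return (entry_index, reason) for every entry worth a second look."""
    findings = []
    for e in entries:
        if e["type"] not in KNOWN_TYPES:
            findings.append((e["index"], f"unknown type 0x{e['type']:02X}"))
    ordered = sorted(entries, key=lambda e: e["lba_start"])
    for prev, nxt in zip(ordered, ordered[1:]):
        if prev["lba_start"] + prev["sectors"] > nxt["lba_start"]:
            findings.append((nxt["index"], "overlaps the preceding partition"))
    return findings


if __name__ == "__main__":
    parts = parse_partition_table(make_sample_mbr())
    for p in parts:
        flag = "ACTIVE" if p["active"] else "      "
        print(f"{p['index']} {flag} type 0x{p['type']:02X} {p['type_name']:<26} "
              f"LBA {p['lba_start']:>10}  {p['size_mb']} MB")
    for index, reason in audit(parts):
        print(f"  -> entry {index}: {reason}")
```

To apply this to the real disk, call `parse_partition_table(read_mbr())` from an elevated prompt on the affected machine, or, better, against an image taken with a boot CD so the running system cannot filter what you read. Only the size and position of the unknown entry are knowable from the table itself; whether it is an OEM recovery area or something planted has to be settled by examining the sectors it covers.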

12:54:20.0765 5724 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

12:54:21.0234 5724 ============================================================

12:54:21.0234 5724 Current date / time: 2012/01/03 12:54:21.0234

12:54:21.0234 5724 SystemInfo:

12:54:21.0234 5724

12:54:21.0234 5724 OS Version: 5.1.2600 ServicePack: 3.0

12:54:21.0234 5724 Product type: Workstation

12:54:21.0234 5724 ComputerName: SBTOSHIBA

12:54:21.0234 5724 UserName: Scott Bellows

12:54:21.0234 5724 Windows directory: C:\WINDOWS

12:54:21.0234 5724 System windows directory: C:\WINDOWS

12:54:21.0234 5724 Processor architecture: Intel x86

12:54:21.0234 5724 Number of processors: 2

12:54:21.0234 5724 Page size: 0x1000

12:54:21.0234 5724 Boot type: Normal boot

12:54:21.0234 5724 ============================================================

12:54:23.0015 5724 Initialize success

12:54:43.0515 5676 ============================================================

12:54:43.0515 5676 Scan started

12:54:43.0515 5676 Mode: Manual; SigCheck; TDLFS;

12:54:43.0515 5676 ============================================================

12:54:44.0531 5676 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys

12:54:44.0703 5676 Aavmker4 - ok

12:54:44.0718 5676 Abiosdsk - ok

12:54:44.0734 5676 abp480n5 - ok

12:54:44.0796 5676 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

12:54:45.0109 5676 ACPI - ok

12:54:45.0125 5676 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

12:54:45.0250 5676 ACPIEC - ok

12:54:45.0265 5676 adpu160m - ok

12:54:45.0296 5676 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

12:54:45.0421 5676 aec - ok

12:54:45.0453 5676 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys

12:54:45.0468 5676 AegisP ( UnsignedFile.Multi.Generic ) - warning

12:54:45.0468 5676 AegisP - detected UnsignedFile.Multi.Generic (1)

12:54:45.0625 5676 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

12:54:45.0656 5676 AFD - ok

12:54:45.0718 5676 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

12:54:45.0828 5676 AgereSoftModem - ok

12:54:45.0843 5676 Aha154x - ok

12:54:45.0859 5676 aic78u2 - ok

12:54:45.0859 5676 aic78xx - ok

12:54:45.0875 5676 AliIde - ok

12:54:45.0890 5676 amsint - ok

12:54:45.0937 5676 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

12:54:46.0078 5676 Arp1394 - ok

12:54:46.0359 5676 asc - ok

12:54:46.0359 5676 asc3350p - ok

12:54:46.0375 5676 asc3550 - ok

12:54:46.0437 5676 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys

12:54:46.0453 5676 aswFsBlk - ok

12:54:46.0484 5676 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys

12:54:46.0484 5676 aswMon2 - ok

12:54:46.0500 5676 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys

12:54:46.0515 5676 aswRdr - ok

12:54:46.0531 5676 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys

12:54:46.0562 5676 aswSnx - ok

12:54:46.0734 5676 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys

12:54:46.0750 5676 aswSP - ok

12:54:46.0781 5676 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys

12:54:46.0781 5676 aswTdi - ok

12:54:46.0828 5676 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

12:54:46.0953 5676 AsyncMac - ok

12:54:46.0968 5676 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

12:54:47.0109 5676 atapi - ok

12:54:47.0187 5676 Atdisk - ok

12:54:47.0218 5676 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

12:54:47.0343 5676 Atmarpc - ok

12:54:47.0375 5676 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

12:54:47.0500 5676 audstub - ok

12:54:47.0562 5676 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

12:54:47.0578 5676 avgntflt - ok

12:54:47.0640 5676 avipbb (475fbb85956534720858ae72010c0a43) C:\WINDOWS\system32\DRIVERS\avipbb.sys

12:54:47.0656 5676 avipbb - ok

12:54:47.0671 5676 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys

12:54:47.0687 5676 avkmgr - ok

12:54:47.0687 5676 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

12:54:47.0828 5676 Beep - ok

12:54:47.0937 5676 catchme - ok

12:54:48.0031 5676 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

12:54:48.0171 5676 cbidf2k - ok

12:54:48.0171 5676 cd20xrnt - ok

12:54:48.0203 5676 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

12:54:48.0328 5676 Cdaudio - ok

12:54:48.0375 5676 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

12:54:48.0500 5676 Cdfs - ok

12:54:48.0593 5676 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

12:54:48.0718 5676 Cdrom - ok

12:54:48.0734 5676 Changer - ok

12:54:48.0750 5676 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

12:54:48.0875 5676 CmBatt - ok

12:54:48.0890 5676 CmdIde - ok

12:54:48.0906 5676 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

12:54:49.0015 5676 Compbatt - ok

12:54:49.0031 5676 Cpqarray - ok

12:54:49.0046 5676 dac2w2k - ok

12:54:49.0062 5676 dac960nt - ok

12:54:49.0078 5676 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

12:54:49.0203 5676 Disk - ok

12:54:49.0250 5676 DLABOIOM (ee4325becef51b8c32b4329097e4f301) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

12:54:49.0250 5676 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning

12:54:49.0250 5676 DLABOIOM - detected UnsignedFile.Multi.Generic (1)

12:54:49.0281 5676 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

12:54:49.0281 5676 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning

12:54:49.0281 5676 DLACDBHM - detected UnsignedFile.Multi.Generic (1)

12:54:49.0375 5676 DLADResN (1e6c6597833a04c2157be7b39ea92ce1) C:\WINDOWS\system32\DLA\DLADResN.SYS

12:54:49.0390 5676 DLADResN ( UnsignedFile.Multi.Generic ) - warning

12:54:49.0390 5676 DLADResN - detected UnsignedFile.Multi.Generic (1)

12:54:49.0421 5676 DLAIFS_M (752376e109a090970bfa9722f0f40b03) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

12:54:49.0421 5676 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning

12:54:49.0421 5676 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)

12:54:49.0453 5676 DLAOPIOM (62ee7902e74b90bf1ccc4643fc6c07a7) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

12:54:49.0453 5676 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning

12:54:49.0453 5676 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)

12:54:49.0468 5676 DLAPoolM (5c220124c5afeaee84a9bb89d685c17b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

12:54:49.0484 5676 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning

12:54:49.0484 5676 DLAPoolM - detected UnsignedFile.Multi.Generic (1)

12:54:49.0531 5676 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

12:54:49.0546 5676 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning

12:54:49.0546 5676 DLARTL_N - detected UnsignedFile.Multi.Generic (1)

12:54:49.0625 5676 DLAUDFAM (4ebb78d9bbf072119363b35b9b3e518f) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

12:54:49.0656 5676 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning

12:54:49.0656 5676 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)

12:54:49.0671 5676 DLAUDF_M (333b770e52d2cea7bd86391120466e43) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

12:54:49.0687 5676 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning

12:54:49.0687 5676 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)

12:54:49.0765 5676 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

12:54:49.0937 5676 dmboot - ok

12:54:50.0015 5676 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

12:54:50.0140 5676 dmio - ok

12:54:50.0187 5676 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

12:54:50.0312 5676 dmload - ok

12:54:50.0375 5676 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

12:54:50.0500 5676 DMusic - ok

12:54:50.0546 5676 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys

12:54:50.0687 5676 dot4 - ok

12:54:50.0718 5676 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys

12:54:50.0859 5676 Dot4Print - ok

12:54:50.0937 5676 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys

12:54:51.0078 5676 dot4usb - ok

12:54:51.0093 5676 dpti2o - ok

12:54:51.0109 5676 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

12:54:51.0234 5676 drmkaud - ok

12:54:51.0328 5676 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

12:54:51.0343 5676 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning

12:54:51.0343 5676 DRVMCDB - detected UnsignedFile.Multi.Generic (1)

12:54:51.0375 5676 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

12:54:51.0390 5676 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning

12:54:51.0390 5676 DRVNDDM - detected UnsignedFile.Multi.Generic (1)

12:54:51.0453 5676 E100B (2646883e6dd867cd872d5b51b6036710) C:\WINDOWS\system32\DRIVERS\e100b325.sys

12:54:51.0468 5676 E100B - ok

12:54:51.0500 5676 e1express (e1fa10ed8f9f700c1be1eae05a80ef57) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

12:54:51.0531 5676 e1express - ok

12:54:51.0593 5676 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

12:54:51.0718 5676 Fastfat - ok

12:54:51.0750 5676 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

12:54:51.0875 5676 Fdc - ok

12:54:51.0890 5676 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

12:54:52.0015 5676 Fips - ok

12:54:52.0078 5676 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

12:54:52.0203 5676 Flpydisk - ok

12:54:52.0265 5676 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

12:54:52.0390 5676 FltMgr - ok

12:54:52.0421 5676 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

12:54:52.0546 5676 Fs_Rec - ok

12:54:52.0625 5676 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

12:54:52.0765 5676 Ftdisk - ok

12:54:52.0796 5676 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

12:54:52.0906 5676 Gpc - ok

12:54:52.0968 5676 hcmon (6da9aede83f2cdf11181e214127b63b7) C:\WINDOWS\system32\drivers\hcmon.sys

12:54:52.0968 5676 hcmon - ok

12:54:53.0000 5676 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

12:54:53.0125 5676 HDAudBus - ok

12:54:53.0171 5676 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

12:54:53.0281 5676 HidUsb - ok

12:54:53.0296 5676 hpn - ok

12:54:53.0312 5676 hpnuhst (ac6abca57a9ca35dca94f9d0c60758bf) C:\WINDOWS\system32\DRIVERS\hpnuhst.sys

12:54:53.0343 5676 hpnuhst - ok

12:54:53.0421 5676 HPNUHUB (bf5e0555c119693f8d611e0b046e9517) C:\WINDOWS\system32\DRIVERS\hpnuhub.sys

12:54:53.0437 5676 HPNUHUB - ok

12:54:53.0500 5676 HPWPAUSB (92b41d08a1109746023999061ef73a11) C:\WINDOWS\system32\Drivers\HPWPAUSB.sys

12:54:53.0531 5676 HPWPAUSB - ok

12:54:53.0640 5676 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

12:54:53.0671 5676 HTTP - ok

12:54:53.0687 5676 i2omgmt - ok

12:54:53.0687 5676 i2omp - ok

12:54:53.0718 5676 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

12:54:53.0843 5676 i8042prt - ok

12:54:53.0921 5676 ialm (bc1f1ff8d5800398937966cdb0a97fdc) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

12:54:54.0031 5676 ialm - ok

12:54:54.0203 5676 ICDUSB2 (60b044a221cf76cc6077b0c3e9136cff) C:\WINDOWS\system32\Drivers\ICDUSB2.sys

12:54:54.0234 5676 ICDUSB2 - ok

12:54:54.0265 5676 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

12:54:54.0375 5676 Imapi - ok

12:54:54.0390 5676 ini910u - ok

12:54:54.0593 5676 IntcAzAudAddService (b12a9fc49cd2765a43829d834f518aed) C:\WINDOWS\system32\drivers\RtkHDAud.sys

12:54:54.0796 5676 IntcAzAudAddService - ok

12:54:54.0921 5676 IntelIde - ok

12:54:54.0953 5676 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

12:54:55.0078 5676 intelppm - ok

12:54:55.0109 5676 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

12:54:55.0234 5676 Ip6Fw - ok

12:54:55.0265 5676 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

12:54:55.0406 5676 IpFilterDriver - ok

12:54:55.0453 5676 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

12:54:55.0578 5676 IpInIp - ok

12:54:55.0593 5676 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

12:54:55.0734 5676 IpNat - ok

12:54:55.0750 5676 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

12:54:55.0875 5676 IPSec - ok

12:54:55.0906 5676 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

12:54:56.0031 5676 IRENUM - ok

12:54:56.0156 5676 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

12:54:56.0281 5676 isapnp - ok

12:54:56.0312 5676 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys

12:54:56.0328 5676 Iviaspi ( UnsignedFile.Multi.Generic ) - warning

12:54:56.0328 5676 Iviaspi - detected UnsignedFile.Multi.Generic (1)

12:54:56.0343 5676 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

12:54:56.0468 5676 Kbdclass - ok

12:54:56.0515 5676 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

12:54:56.0640 5676 kbdhid - ok

12:54:56.0687 5676 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

12:54:56.0796 5676 kmixer - ok

12:54:56.0812 5676 KR10N (00c1ea8decf810b8eccb5c5a8186a96e) C:\WINDOWS\system32\drivers\KR10N.sys

12:54:56.0843 5676 KR10N - ok

12:54:56.0890 5676 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

12:54:56.0906 5676 KSecDD - ok

12:54:56.0921 5676 lbrtfdc - ok

12:54:56.0937 5676 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys

12:54:56.0937 5676 meiudf ( UnsignedFile.Multi.Generic ) - warning

12:54:56.0937 5676 meiudf - detected UnsignedFile.Multi.Generic (1)

12:54:56.0968 5676 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

12:54:57.0093 5676 mnmdd - ok

12:54:57.0109 5676 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

12:54:57.0234 5676 Modem - ok

12:54:57.0359 5676 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

12:54:57.0468 5676 Mouclass - ok

12:54:57.0500 5676 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

12:54:57.0640 5676 mouhid - ok

12:54:57.0671 5676 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

12:54:57.0796 5676 MountMgr - ok

12:54:57.0796 5676 mraid35x - ok

12:54:57.0843 5676 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

12:54:57.0953 5676 MRxDAV - ok

12:54:58.0031 5676 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

12:54:58.0046 5676 MRxSmb - ok

12:54:58.0109 5676 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

12:54:58.0234 5676 Msfs - ok

12:54:58.0359 5676 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

12:54:58.0500 5676 MSKSSRV - ok

12:54:58.0515 5676 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

12:54:58.0625 5676 MSPCLOCK - ok

12:54:58.0640 5676 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

12:54:58.0765 5676 MSPQM - ok

12:54:58.0796 5676 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

12:54:58.0906 5676 mssmbios - ok

12:54:58.0953 5676 MUD (21e41f5b3e17ba93fbaff33758af8048) C:\WINDOWS\system32\DRIVERS\MUD.sys

12:54:58.0984 5676 MUD ( UnsignedFile.Multi.Generic ) - warning

12:54:58.0984 5676 MUD - detected UnsignedFile.Multi.Generic (1)

12:54:59.0015 5676 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

12:54:59.0125 5676 Mup - ok

12:54:59.0156 5676 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

12:54:59.0281 5676 NDIS - ok

12:54:59.0296 5676 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

12:54:59.0406 5676 NdisTapi - ok

12:54:59.0468 5676 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

12:54:59.0578 5676 Ndisuio - ok

12:54:59.0843 5676 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

12:54:59.0968 5676 NdisWan - ok

12:55:00.0015 5676 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

12:55:00.0046 5676 NDProxy - ok

12:55:00.0062 5676 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

12:55:00.0187 5676 NetBIOS - ok

12:55:00.0203 5676 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

12:55:00.0328 5676 NetBT - ok

12:55:00.0343 5676 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys

12:55:00.0359 5676 Netdevio ( UnsignedFile.Multi.Generic ) - warning

12:55:00.0359 5676 Netdevio - detected UnsignedFile.Multi.Generic (1)

12:55:00.0484 5676 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

12:55:00.0609 5676 NIC1394 - ok

12:55:00.0625 5676 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

12:55:00.0750 5676 Npfs - ok

12:55:00.0796 5676 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

12:55:00.0953 5676 Ntfs - ok

12:55:01.0015 5676 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys

12:55:01.0031 5676 NuidFltr - ok

12:55:01.0062 5676 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

12:55:01.0187 5676 Null - ok

12:55:01.0218 5676 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

12:55:01.0343 5676 NwlnkFlt - ok

12:55:01.0453 5676 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

12:55:01.0593 5676 NwlnkFwd - ok

12:55:01.0640 5676 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

12:55:01.0765 5676 ohci1394 - ok

12:55:01.0796 5676 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

12:55:01.0921 5676 Parport - ok

12:55:01.0937 5676 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

12:55:02.0046 5676 PartMgr - ok

12:55:02.0078 5676 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

12:55:02.0187 5676 ParVdm - ok

12:55:02.0203 5676 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

12:55:02.0328 5676 PCI - ok

12:55:02.0343 5676 PCIDump - ok

12:55:02.0359 5676 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

12:55:02.0500 5676 PCIIde - ok

12:55:02.0531 5676 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

12:55:02.0656 5676 Pcmcia - ok

12:55:02.0671 5676 PDCOMP - ok

12:55:02.0687 5676 PDFRAME - ok

12:55:02.0703 5676 PDRELI - ok

12:55:02.0718 5676 PDRFRAME - ok

12:55:02.0718 5676 perc2 - ok

12:55:02.0734 5676 perc2hib - ok

12:55:02.0781 5676 Pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys

12:55:02.0796 5676 Pfc ( UnsignedFile.Multi.Generic ) - warning

12:55:02.0796 5676 Pfc - detected UnsignedFile.Multi.Generic (1)

12:55:02.0921 5676 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

12:55:03.0031 5676 PptpMiniport - ok

12:55:03.0062 5676 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

12:55:03.0171 5676 PSched - ok

12:55:03.0234 5676 PSMounter (d5aa0ad7e37649ac27af50a5fbcc9397) C:\WINDOWS\system32\drivers\psmounter.sys

12:55:03.0250 5676 PSMounter - ok

12:55:03.0250 5676 pssnap (5781359e8be73e8962e94f015a8df404) C:\WINDOWS\system32\DRIVERS\pssnap.sys

12:55:03.0265 5676 pssnap - ok

12:55:03.0312 5676 PSVolAcc (72d3eddc230b9cb2bbb9dc1b7a3b3d90) C:\WINDOWS\system32\drivers\PSVolAcc.sys

12:55:03.0312 5676 PSVolAcc - ok

12:55:03.0328 5676 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

12:55:03.0468 5676 Ptilink - ok

12:55:03.0500 5676 PxHelp20 (5491e4e7d93804f43abe8ce3c39f5a86) C:\WINDOWS\system32\Drivers\PxHelp20.sys

12:55:03.0515 5676 PxHelp20 - ok

12:55:03.0578 5676 ql1080 - ok

12:55:03.0593 5676 Ql10wnt - ok

12:55:03.0609 5676 ql12160 - ok

12:55:03.0609 5676 ql1240 - ok

12:55:03.0625 5676 ql1280 - ok

12:55:03.0656 5676 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

12:55:03.0796 5676 RasAcd - ok

12:55:03.0812 5676 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

12:55:03.0921 5676 Rasl2tp - ok

12:55:03.0937 5676 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

12:55:04.0062 5676 RasPppoe - ok

12:55:04.0062 5676 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

12:55:04.0187 5676 Raspti - ok

12:55:04.0218 5676 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

12:55:04.0343 5676 Rdbss - ok

12:55:04.0453 5676 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

12:55:04.0593 5676 RDPCDD - ok

12:55:04.0656 5676 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

12:55:04.0765 5676 rdpdr - ok

12:55:04.0812 5676 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

12:55:04.0921 5676 RDPWD - ok

12:55:04.0953 5676 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

12:55:05.0062 5676 redbook - ok

12:55:05.0093 5676 RimUsb - ok

12:55:05.0156 5676 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

12:55:05.0171 5676 RimVSerPort - ok

12:55:05.0187 5676 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

12:55:05.0312 5676 ROOTMODEM - ok

12:55:05.0375 5676 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys

12:55:05.0390 5676 s24trans ( UnsignedFile.Multi.Generic ) - warning

12:55:05.0390 5676 s24trans - detected UnsignedFile.Multi.Generic (1)

12:55:05.0390 5676 SCPMPR5 - ok

12:55:05.0406 5676 SCPNDIS5 - ok

12:55:05.0453 5676 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

12:55:05.0578 5676 sdbus - ok

12:55:05.0671 5676 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

12:55:05.0812 5676 Secdrv - ok

12:55:05.0843 5676 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

12:55:05.0968 5676 Serial - ok

12:55:06.0031 5676 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

12:55:06.0140 5676 Sfloppy - ok

12:55:06.0156 5676 Simbad - ok

12:55:06.0171 5676 Sparrow - ok

12:55:06.0218 5676 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

12:55:06.0328 5676 splitter - ok

12:55:06.0406 5676 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

12:55:06.0531 5676 sr - ok

12:55:06.0562 5676 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

12:55:06.0625 5676 Srv - ok

12:55:06.0734 5676 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

12:55:06.0734 5676 ssmdrv - ok

12:55:06.0765 5676 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

12:55:06.0890 5676 swenum - ok

12:55:06.0906 5676 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

12:55:07.0031 5676 swmidi - ok

12:55:07.0046 5676 symc810 - ok

12:55:07.0062 5676 symc8xx - ok

12:55:07.0078 5676 sym_hi - ok

12:55:07.0093 5676 sym_u3 - ok

12:55:07.0140 5676 SynTP (e295fffff3aaf9a6a40b29497901908f) C:\WINDOWS\system32\DRIVERS\SynTP.sys

12:55:07.0156 5676 SynTP - ok

12:55:07.0171 5676 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

12:55:07.0296 5676 sysaudio - ok

12:55:07.0328 5676 tbiosdrv (7147b0575bcc93a6ab7d5c90f47c0b9f) C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys

12:55:07.0359 5676 tbiosdrv - ok

12:55:07.0406 5676 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

12:55:07.0453 5676 Tcpip - ok

12:55:07.0578 5676 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

12:55:07.0703 5676 TDPIPE - ok

12:55:07.0750 5676 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

12:55:07.0859 5676 TDTCP - ok

12:55:07.0875 5676 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

12:55:08.0000 5676 TermDD - ok

12:55:08.0046 5676 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys

12:55:08.0062 5676 tifm21 - ok

12:55:08.0078 5676 TosIde - ok

12:55:08.0125 5676 tosrfec (cc069342ee0eae55b32a0ae99cf6185c) C:\WINDOWS\system32\DRIVERS\tosrfec.sys

12:55:08.0140 5676 tosrfec ( UnsignedFile.Multi.Generic ) - warning

12:55:08.0140 5676 tosrfec - detected UnsignedFile.Multi.Generic (1)

12:55:08.0187 5676 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys

12:55:08.0203 5676 TrueSight ( UnsignedFile.Multi.Generic ) - warning

12:55:08.0203 5676 TrueSight - detected UnsignedFile.Multi.Generic (1)

12:55:08.0218 5676 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys

12:55:08.0218 5676 TVALD ( UnsignedFile.Multi.Generic ) - warning

12:55:08.0218 5676 TVALD - detected UnsignedFile.Multi.Generic (1)

12:55:08.0250 5676 Tvs (cc6763889198ef975b143d49789bcfa9) C:\WINDOWS\system32\DRIVERS\Tvs.sys

12:55:08.0265 5676 Tvs ( UnsignedFile.Multi.Generic ) - warning

12:55:08.0265 5676 Tvs - detected UnsignedFile.Multi.Generic (1)

12:55:08.0375 5676 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

12:55:08.0500 5676 Udfs - ok

12:55:08.0625 5676 ultra - ok

12:55:08.0671 5676 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

12:55:08.0796 5676 Update - ok

12:55:08.0843 5676 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

12:55:08.0984 5676 usbaudio - ok

12:55:09.0062 5676 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

12:55:09.0171 5676 usbccgp - ok

12:55:09.0203 5676 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

12:55:09.0312 5676 usbehci - ok

12:55:09.0343 5676 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

12:55:09.0468 5676 usbhub - ok

12:55:09.0578 5676 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

12:55:09.0703 5676 usbprint - ok

12:55:09.0750 5676 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

12:55:09.0875 5676 usbscan - ok

12:55:09.0921 5676 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

12:55:10.0031 5676 USBSTOR - ok

12:55:10.0062 5676 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

12:55:10.0187 5676 usbuhci - ok

12:55:10.0250 5676 vcdrom (bfa4ae30b3ac10e9223830bf103f5a3f) C:\Program Files\WinXP virtual CD drive\VCdRom.sys

12:55:10.0250 5676 vcdrom ( UnsignedFile.Multi.Generic ) - warning

12:55:10.0250 5676 vcdrom - detected UnsignedFile.Multi.Generic (1)

12:55:10.0265 5676 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

12:55:10.0390 5676 VgaSave - ok

12:55:10.0390 5676 ViaIde - ok

12:55:10.0453 5676 vmci (94c14c0983e5d031e82b1d0c124ed601) C:\WINDOWS\system32\Drivers\vmci.sys

12:55:10.0453 5676 vmci - ok

12:55:10.0531 5676 vmkbd2 (2ce7e3a838822d11cfd04d202f039c1b) C:\WINDOWS\system32\drivers\VMkbd.sys

12:55:10.0546 5676 vmkbd2 - ok

12:55:10.0656 5676 VMnetAdapter (898706a05d20b706848a440961c52436) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys

12:55:10.0671 5676 VMnetAdapter - ok

12:55:10.0703 5676 VMnetBridge (5692cbd2a25e04c62707bfc311884b65) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys

12:55:10.0718 5676 VMnetBridge - ok

12:55:10.0734 5676 VMnetuserif (235dd1f8581f6f658594a30f671c3c3b) C:\WINDOWS\system32\drivers\vmnetuserif.sys

12:55:10.0750 5676 VMnetuserif - ok

12:55:10.0843 5676 vmx86 (5255b6239a8d05910dd3ae81b09c516b) C:\WINDOWS\system32\Drivers\vmx86.sys

12:55:10.0875 5676 vmx86 - ok

12:55:11.0000 5676 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

12:55:11.0125 5676 VolSnap - ok

12:55:11.0250 5676 vstor2-ws60 (e4fa7aff5046fc49de22e903b7e35add) C:\Program Files\VMware\VMware Player\vstor2-ws60.sys

12:55:11.0265 5676 vstor2-ws60 - ok

12:55:11.0437 5676 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys

12:55:11.0562 5676 w39n51 - ok

12:55:11.0656 5676 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

12:55:11.0781 5676 Wanarp - ok

12:55:11.0890 5676 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

12:55:11.0921 5676 wanatw - ok

12:55:11.0984 5676 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

12:55:12.0015 5676 Wdf01000 - ok

12:55:12.0031 5676 WDICA - ok

12:55:12.0062 5676 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

12:55:12.0187 5676 wdmaud - ok

12:55:12.0218 5676 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

12:55:12.0343 5676 WS2IFSL - ok

12:55:12.0406 5676 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

12:55:12.0437 5676 WudfPf - ok

12:55:12.0500 5676 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

12:55:12.0531 5676 WudfRd - ok

12:55:12.0578 5676 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0

12:55:12.0828 5676 \Device\Harddisk0\DR0 - ok

12:55:12.0828 5676 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk2\DR11

12:55:13.0187 5676 \Device\Harddisk2\DR11 - ok

12:55:13.0187 5676 Boot (0x1200) (698f3d9b182084aa875a13e8f9381630) \Device\Harddisk0\DR0\Partition0

12:55:13.0187 5676 \Device\Harddisk0\DR0\Partition0 - ok

12:55:13.0187 5676 Boot (0x1200) (773214e05916cf0be207218e5139e9de) \Device\Harddisk2\DR11\Partition0

12:55:13.0187 5676 \Device\Harddisk2\DR11\Partition0 - ok

12:55:13.0187 5676 ============================================================

12:55:13.0187 5676 Scan finished

12:55:13.0187 5676 ============================================================

12:55:13.0296 6004 Detected object count: 23

12:55:13.0296 6004 Actual detected object count: 23

12:55:20.0906 6004 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user

12:55:20.0906 6004 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:55:20.0906 6004 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user

12:55:20.0906 6004 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:55:20.0906 6004 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user

12:55:20.0906 6004 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:55:20.0906 6004 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user

12:55:20.0906 6004 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:55:20.0906 6004 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user

12:55:20.0906 6004 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:55:20.0921 6004 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user

12:55:20.0921 6004 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:55:20.0921 6004 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user

12:55:20.0921 6004 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:55:20.0921 6004 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user

12:55:20.0921 6004 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:55:20.0921 6004 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user

12:55:20.0921 6004 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:55:20.0921 6004 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user

12:55:20.0921 6004 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:55:20.0921 6004 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user

12:55:20.0921 6004 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:55:20.0921 6004 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user

12:55:20.0921 6004 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:55:20.0921 6004 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user

12:55:20.0921 6004 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:55:20.0937 6004 meiudf ( UnsignedFile.Multi.Generic ) - skipped by user

12:55:20.0937 6004 meiudf ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:55:20.0937 6004 MUD ( UnsignedFile.Multi.Generic ) - skipped by user

12:55:20.0937 6004 MUD ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:55:20.0937 6004 Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user

12:55:20.0937 6004 Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:55:20.0937 6004 Pfc ( UnsignedFile.Multi.Generic ) - skipped by user

12:55:20.0937 6004 Pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:55:20.0937 6004 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user

12:55:20.0937 6004 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:55:20.0937 6004 tosrfec ( UnsignedFile.Multi.Generic ) - skipped by user

12:55:20.0937 6004 tosrfec ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:55:20.0953 6004 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user

12:55:20.0953 6004 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:55:20.0953 6004 TVALD ( UnsignedFile.Multi.Generic ) - skipped by user

12:55:20.0953 6004 TVALD ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:55:20.0953 6004 Tvs ( UnsignedFile.Multi.Generic ) - skipped by user

12:55:20.0953 6004 Tvs ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:55:20.0953 6004 vcdrom ( UnsignedFile.Multi.Generic ) - skipped by user

12:55:20.0953 6004 vcdrom ( UnsignedFile.Multi.Generic ) - User select action: Skip


Please enable system restore before running ComboFix!!

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


Here ya go!

ComboFix 12-01-03.04 - Scott Bellows 01/03/2012 13:50:53.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1318 [GMT -8:00]

Running from: c:\documents and settings\Scott Bellows\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\Scott Bellows\Templates\7yybr1yert1bud22nhkyrv2y53t7ao8yykj22y6j

c:\documents and settings\Scott Bellows\WINDOWS

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\SETADE.tmp

c:\windows\system32\SETAE3.tmp

c:\windows\system32\SETB25.tmp

c:\windows\WinRAR

c:\windows\WinRAR\awkjpwd

c:\windows\WinRAR\uninstall.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-12-03 to 2012-01-03 )))))))))))))))))))))))))))))))

.

.

2012-01-03 19:30 . 2012-01-03 19:30 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2011-12-30 17:37 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-30 17:34 . 2011-12-30 17:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-30 04:34 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-12-30 04:34 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-12-30 04:34 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-12-30 04:34 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-12-30 04:34 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-12-30 04:34 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-12-30 04:34 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-12-30 04:34 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-12-30 04:33 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr

2011-12-30 04:33 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe

2011-12-30 04:33 . 2011-12-30 04:33 -------- d-----w- c:\program files\AVAST Software

2011-12-30 04:33 . 2011-12-30 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-12-30 01:44 . 2011-12-30 13:53 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-12-30 01:44 . 2011-12-30 04:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-12-28 17:11 . 2011-12-28 17:11 -------- d-----w- c:\documents and settings\Scott Bellows\Application Data\Avira

2011-12-28 17:10 . 2011-12-28 17:53 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-12-28 17:10 . 2011-09-16 07:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2011-12-28 17:10 . 2011-09-16 07:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-12-28 17:10 . 2011-12-28 17:10 -------- d-----w- c:\program files\Avira

2011-12-28 17:10 . 2011-12-28 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2011-12-13 00:43 . 2011-12-13 00:43 -------- d-----w- C:\Family Pictures

2011-12-13 00:39 . 2011-12-13 00:43 -------- d-----w- C:\Oo docs recovered after virus

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-31 09:32 . 2011-10-31 10:26 12952 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys

2011-10-31 09:32 . 2011-10-31 10:26 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys

2011-10-31 09:32 . 2011-10-31 10:26 45208 ----a-w- c:\windows\system32\drivers\psmounter.sys

2011-10-10 20:53 . 2011-10-10 20:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-08 13:03 . 2011-08-08 13:03 292664 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

2011-07-08 07:16 . 2011-08-04 00:58 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2011-05-17 20:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-26 39408]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-09 323392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2009-08-15 64048]

"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]

"TPSMain"="TPSMain.exe" [2005-06-01 282624]

"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]

"TFncKy"="TFncKy.exe" [bU]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 761945]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]

"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]

"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]

"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]

"MemoryCardManager"="c:\program files\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]

"dldomon.exe"="c:\program files\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]

"Dell 968 AIO Printer Fax Server"="c:\program files\Dell 968 AIO Printer\fm3032.exe" [2007-10-05 312560]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]

"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]

"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 478800]

.

c:\documents and settings\Scott Bellows\Start Menu\Programs\Startup\

OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

Seesmic Desktop.lnk - c:\program files\Seesmic Desktop\Seesmic Desktop.exe [N/A]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office Fast Start.lnk - c:\program files\MS Office\Office\FASTBOOT.EXE [1996-3-19 14848]

Microsoft Office Find Fast Indexer.lnk - c:\program files\MS Office\Office\FASTBOOT.EXE [1996-3-19 14848]

RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-1-19 155648]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WordPerfect Office 1215]

2004-03-08 17:36 733184 ----a-w- c:\program files\WordPerfect Office 12\Programs\Registration.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"AntiVirService"=2 (0x2)

"AntiVirSchedulerService"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=

"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\TOPO! Explorer\\te.exe"=

"c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=

"c:\\WINDOWS\\system32\\dldocoms.exe"=

"c:\\Program Files\\Dell 968 AIO Printer\\dldomon.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldopswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldotime.exe"=

"c:\\Program Files\\Dell 968 AIO Printer\\dldoaiox.exe"=

"c:\\Program Files\\Dell 968 AIO Printer\\DLDOFax.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldojswx.exe"=

"c:\\Program Files\\Dell 968 AIO Printer\\dldoafcn.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldowbgw.exe"=

"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"427:UDP"= 427:UDP:HP printer.print server port

"161:UDP"= 161:UDP:HP printer.print server port

"139:UDP"= 139:UDP:HP printer.print server port

"9220:TCP"= 9220:TCP:HP printer.print server port

"9500:TCP"= 9500:TCP:HP printer.print server port

"9290:TCP"= 9290:TCP:HP printer.print server port

"61964:TCP"= 61964:TCP:eMule TCP incoming

"62211:UDP"= 62211:UDP:eMule UDP outgoing

.

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [10/31/2011 2:26 AM 16024]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/29/2011 8:34 PM 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/29/2011 8:34 PM 314456]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [12/28/2011 9:10 AM 36000]

R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\WinXP virtual CD drive\VCdRom.sys [12/19/2001 10:45 AM 8576]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/28/2011 9:10 AM 86224]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/29/2011 8:34 PM 20568]

R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]

R2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldoserv.exe [9/8/2010 7:22 PM 99568]

R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [10/31/2011 2:26 AM 220824]

R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [8/14/2009 7:13 PM 54960]

R3 hpnuhst;HP NUSB Host;c:\windows\system32\drivers\hpnuhst.sys [5/28/2009 6:29 PM 12032]

R3 HPNUHUB;HP NUSB Hub;c:\windows\system32\drivers\hpnuhub.sys [5/28/2009 6:29 PM 39552]

S2 gupdate1c9e0af5194ce18;Google Update Service (gupdate1c9e0af5194ce18);c:\program files\Google\Update\GoogleUpdate.exe [5/29/2009 2:46 PM 133104]

S2 Zimbra Desktop Service;Zimbra Desktop Service;c:\documents and settings\Scott Bellows\Local Settings\Application Data\Zimbra\zdesktop\zdesktop.exe [4/23/2010 7:31 AM 139264]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/29/2009 2:46 PM 133104]

S3 HPWPAUSB;Wireless Printer Adapter;c:\windows\system32\drivers\HPWPAUSB.sys [5/28/2009 6:25 PM 18560]

S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\ICDUSB2.sys [11/28/2002 9:23 PM 39048]

S3 MUD;Driver for Magellan USB Device;c:\windows\system32\drivers\MUD.sys [7/25/2009 2:35 PM 51200]

S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [10/31/2011 2:26 AM 45208]

S3 PSVolAcc;PSVolAcc;c:\windows\system32\drivers\PSVolAcc.sys [10/31/2011 2:26 AM 12952]

S3 SCPMPR5;SCPMPR5 NDIS Protocol Driver;\??\d:\scpmpr5.sys --> d:\SCPMPR5.SYS [?]

S3 SCPNDIS5;SCPNDIS5 NDIS Protocol Driver;\??\d:\scpndis5.sys --> d:\SCPNDIS5.SYS [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 19355838

*NewlyCreated* - 54961668

*NewlyCreated* - TRUESIGHT

*Deregistered* - 19355838

*Deregistered* - 54961668

*Deregistered* - TrueSight

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-03 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-26 04:39]

.

2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 22:46]

.

2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 22:46]

.

2012-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1046265747-2112637631-1207020124-1005Core.job

- c:\documents and settings\Scott Bellows\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-03 13:01]

.

2012-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1046265747-2112637631-1207020124-1005UA.job

- c:\documents and settings\Scott Bellows\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-03 13:01]

.

2012-01-03 c:\windows\Tasks\Macrium Bku Full C Drive xml.job

- c:\program files\Macrium\Reflect\reflect.exe [2011-10-31 09:23]

.

2011-01-17 c:\windows\Tasks\SB full C to MyBook xml.job

- c:\program files\Macrium\Reflect\reflect.exe [2011-10-31 09:23]

.

2012-01-03 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2011-05-17 20:29]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/advanced_search?hl=en

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: Add to Evernote - c:\program files\Evernote\Evernote3\enbar.dll/2000

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

LSP: c:\program files\VMware\VMware Player\vsocklib.dll

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 68.87.69.150 68.87.85.102

FF - ProfilePath - c:\documents and settings\Scott Bellows\Application Data\Mozilla\Firefox\Profiles\m20ht13i.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-QuickTime Task - c:\program files\QuickTime\qttask.exe

AddRemove-WinRAR - c:\windows\WinRAR\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-03 14:09

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

C:\## aswSnx private storage

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]

"Licence0"="04F0D21-79D8-7A25-D702-433F"

.

Completion time: 2012-01-03 14:15:56

ComboFix-quarantined-files.txt 2012-01-03 22:15

ComboFix2.txt 2010-05-09 16:40

.

Pre-Run: 1,131,438,080 bytes free

Post-Run: 1,679,650,816 bytes free

.

- - End Of File - - 7422BF7637EF718FDB47F3E7FBCF3DED


Great :) Looks Good!

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the Run Box.

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any questions...please post back.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


ComboFix deleted these, and also reset your hosts file.

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\Scott Bellows\Templates\7yybr1yert1bud22nhkyrv2y53t7ao8yykj22y6j

c:\documents and settings\Scott Bellows\WINDOWS

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\SETADE.tmp

c:\windows\system32\SETAE3.tmp

c:\windows\system32\SETB25.tmp

c:\windows\WinRAR

c:\windows\WinRAR\awkjpwd

c:\windows\WinRAR\uninstall.exe

MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
